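1. SNMP scanning
SNMP: Simple Network Management Protocol
- SNMP is used to monitor network devices such as switches, firewalls and servers, including internal system information such as CPU; almost everything can be monitored.
- community: the login credential; administrators often forget to change its default string  # the community string can be cracked with a dictionary (public/private/manager);
- A gold mine of information, and frequently misconfigured;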
MIB Tree:
- SNMP Management Information;
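- A tree-structured database of network device management functions;
Preparation
Install the SNMP service on the target machine and check the service status, community settings, etc.;
(1) SNMP scanning: onesixtyone
- Can reveal hardware information;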
root@root:~# onesixtyone 192.168.37.130 public
Scanning 1 hosts, 1 communities
192.168.37.130 [public] Hardware: x86 Family 6 Model 78 Stepping 3 AT/AT COMPATIBLE - Software: Windows 2000 Version 5.1 (Build 2600 Uniprocessor Free)
(2) SNMP scanning: snmpwalk
- Returns much more information; -v specifies the version (2c is the most widely used), but the output is not very readable;
root@root:~# snmpwalk 192.168.37.130 -c public -v 2c
iso.3.6.1.2.1.1.1.0 = STRING: "Hardware: x86 Family 6 Model 78 Stepping 3 AT/AT COMPATIBLE - Software: Windows 2000 Version 5.1 (Build 2600 Uniprocessor Free)"
iso.3.6.1.2.1.1.2.0 = OID: iso.3.6.1.4.1.311.1.1.3.1.1
iso.3.6.1.2.1.1.3.0 = Timeticks: (43123182) 4 days, 23:47:11.82
iso.3.6.1.2.1.1.4.0 = ""
iso.3.6.1.2.1.1.5.0 = STRING: "UPWARD"
iso.3.6.1.2.1.1.6.0 = ""
iso.3.6.1.2.1.1.7.0 = INTEGER: 76
iso.3.6.1.2.1.2.1.0 = INTEGER: 3
iso.3.6.1.2.1.2.2.1.1.1 = INTEGER: 1
iso.3.6.1.2.1.2.2.1.1.2 = INTEGER: 2
iso.3.6.1.2.1.2.2.1.1.196612 = INTEGER: 196612
iso.3.6.1.2.1.2.2.1.2.1 = Hex-STRING: 4D 53 20 54 43 50 20 4C 6F 6F 70 62 61 63 6B 20
69 6E 74 65 72 66 61 63 65 00
iso.3.6.1.2.1.2.2.1.2.2 = Hex-STRING: 41 4D 44 20 50 43 4E 45 54 20 46 61 6D 69 6C 79
20 50 43 49 20 45 74 68 65 72 6E 65 74 20 41 64
61 70 74 65 72 20 2D 20 CA FD BE DD B0 FC BC C6
BB AE B3 CC D0 F2 CE A2 D0 CD B6 CB BF DA 00
iso.3.6.1.2.1.2.2.1.2.196612 = Hex-STRING: 42 6C 75 65 74 6F 6F 74 68 20 C9 E8 B1 B8 28 B8
F6 C8 CB C7 F8 D3 F2 CD F8 29 00
......
iso.3.6.1.2.1.25.6.3.1.2.2 = STRING: "WebFldrs XP"
iso.3.6.1.2.1.25.6.3.1.2.3 = STRING: "VMware Tools"
iso.3.6.1.2.1.25.6.3.1.3.1 = OID: ccitt.0
iso.3.6.1.2.1.25.6.3.1.3.2 = OID: ccitt.0
iso.3.6.1.2.1.25.6.3.1.3.3 = OID: ccitt.0
iso.3.6.1.2.1.25.6.3.1.4.1 = INTEGER: 4
iso.3.6.1.2.1.25.6.3.1.4.2 = INTEGER: 4
iso.3.6.1.2.1.25.6.3.1.4.3 = INTEGER: 4
iso.3.6.1.2.1.25.6.3.1.5.1 = Hex-STRING: 07 E2 0B 11 15 33 36 00
iso.3.6.1.2.1.25.6.3.1.5.2 = Hex-STRING: 07 E3 04 07 0B 39 34 00
iso.3.6.1.2.1.25.6.3.1.5.3 = Hex-STRING: 07 E2 0B 11 15 35 08 00
root@root:~# snmpwalk 192.168.37.130 -c public -v 2c iso.3.6.1.2.1.25.6.3.1.2.2
iso.3.6.1.2.1.25.6.3.1.2.2 = STRING: "WebFldrs XP"
(3) SNMP scanning: snmp-check
- More readable than snmpwalk;
- snmp-check 192.168.37.130;
- snmp-check 192.168.37.130 -w; # check whether write access is available
root@root:~# snmp-check 192.168.37.130
snmp-check v1.9 - SNMP enumerator
Copyright (c) 2005-2015 by Matteo Cantoni (www.nothink.org)
[+] Try to connect to 192.168.37.130:161 using SNMPv1 and community 'public'
[*] System information:
Host IP address : 192.168.37.130
Hostname : UPWARD
Description : Hardware: x86 Family 6 Model 78 Stepping 3 AT/AT COMPATIBLE - Software: Windows 2000 Version 5.1 (Build 2600 Uniprocessor Free)
Contact : -
Location : -
Uptime snmp : 4 days, 13:40:38.12
Uptime system : 4 days, 23:54:43.71
System date : 2019-4-14 19:03:54.4
Domain : WORKGROUP
[*] User accounts:
x
y
z
abc$
Guest
yaoxingzhi
IUSR_UPWARD
IWAM_UPWARD
Administrator
HelpAssistant
SUPPORT_388945a0
[*] Network information:
IP forwarding enabled : no
Default TTL : 128
TCP segments received : 11471
TCP segments sent : 4045
TCP segments retrans : 0
Input datagrams : 13960
Delivered datagrams : 13859
Output datagrams : 9959
[*] Network interfaces:
Interface : [ up ] MS TCP Loopback interface
Id : 1
Mac Address : :::::
Type : softwareLoopback
Speed : 10 Mbps
MTU : 1520
In octets : 8291
Out octets : 8291
......
[*] Network IP:
Id IP Address Netmask Broadcast
196612 0.0.0.0 0.0.0.0 1
1 127.0.0.1